mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:35:46 +01:00
Don't parse or write extensions in SSLv3
In mbed TLS 1.3 a check went missing disabling the use of extensions in SERVER_HELLO for SSLv3, causing the "SSLv3 with extensions" test case from ssl-opt.sh to fail. This commit fixes that and adds a dump of all extensions present in the client hello that the same test case also checks for.
This commit is contained in:
parent
ca3ff06cea
commit
5745778333
@ -1632,6 +1632,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
|
||||
ext = buf + 44 + sess_len + ciph_len + comp_len;
|
||||
|
||||
SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
|
||||
|
||||
while( ext_len )
|
||||
{
|
||||
unsigned int ext_id = ( ( ext[0] << 8 )
|
||||
@ -2328,6 +2330,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||
ssl->session_negotiate->compression ) );
|
||||
|
||||
/* Do not write the extensions if the protocol is SSLv3 */
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||
{
|
||||
#endif
|
||||
|
||||
/*
|
||||
* First write extensions, then the total length
|
||||
*/
|
||||
@ -2378,6 +2386,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
|
||||
p += ext_len;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
}
|
||||
#endif
|
||||
|
||||
ssl->out_msglen = p - buf;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = SSL_HS_SERVER_HELLO;
|
||||
|
Loading…
Reference in New Issue
Block a user